I'm going to talk about some of the easy topics and some of the safety related to the game.
First of all, I'm going to make a self-introduction.
I joined Tencent in 2013.
I've been working in Tencent Game Safety,
responsible for the game's game-based plan construction
and security against the game to protect the game's game-based security.
Before joining Tencent,
I've been working at Tencent for about eight years.
My main experience is in the construction of the game's game-based plan
for the analysis of the virus, and the game-based plan for the game-based plan engine.
Back to the topic, what exactly is game safety?
Is there anyone here who doesn't play games?
I'd like to ask.
Raise your hand if you don't play games.
There are only two people raising their hands, that's fine.
Most of them play games.
What exactly is game safety?
I don't know if you've heard of it.
When you play Windows,
normally,
for a pro player,
it takes about two to three minutes
to complete a high-level game.
That's fine.
But if I were to play games with some external software,
I'd probably be done in a second.
When it comes to safety,
it's a very wild idea.
That's what I'd say.
When it comes to Windows,
you can just drag it to the game.
You can use the IDA to analyze it.
It's actually very simple.
You just scan it.
It's stored in the memory library.
Then you drag it out.
Then you just click on the scan to start the game.
Then it's done in a second.
This is a small example.
Let me show you what it's called.
What I mean by that is
I use some non-legal,
non-standard methods to crack down on the game
to achieve some extra benefits.
In this kind of scanning game,
you don't really have to play fast.
But in a real online game,
if you use external software,
the benefits are very obvious.
Let's look at an example.
We can see that
there are these characters
on the wall.
In FPS games,
this is called the character tone.
Normally,
these characters should be
behind the wall.
Then why are they in front of the wall?
It's because external software
has modified the logic of the game.
External software knows that
most FPS games
have characters on the local client side.
The coordinates have already been set.
When scanning,
when scanning behind the wall,
because the position of the Z-axis
is deeper than the wall,
it can't be scanned.
External software can turn off
the Z-axis scanning
or turn the depth to zero
to achieve this character tone.
The reason is that
if you use external software,
you can't win.
So the benefits are very high.
In fact,
there are also external software
on mobile games.
However,
external software
is for selling.
These people also care about
the benefits.
So they will consider user UI
for external software.
Because our traditional mobile phone screen is relatively small,
we can't see the purple line.
By using the antenna,
we can see the character tone
in a better way.
This way,
we can feel the presence of the other party in advance.
This is the CF mobile game.
There are also
such as PUBG.
So,
these are the benefits
of external software in the game.
Next,
I will talk about
the history of external software.
In fact,
from the beginning of the game,
from the earliest games,
such as the games on DOS,
such as Fighters,
there is the technology of hacking.
Then,
in the Windows era,
the technology of hacking
is getting more and more.
In the case of traditional PC games,
we can use some tools
such as Chat Engine,
FP1,
and we can easily modify
the memory properties
and the character properties of these games,
including memory files,
to achieve some functions
that can be quickly passed through.
Most of the people here
may not have played it before.
In the 1990s,
there was the Jin Hong Qun Xia Zuan.
Basically, we can quickly pass through
by modifying the game.
In the era of online games,
the technology of hacking
is getting more and more.
In addition,
we can modify
the memory properties
of the characters in the game.
In fact,
in the FPS game,
we can see the vision.
In addition to the vision,
there is also the auto-focus on the FPS.
The auto-focus means
that when I go to shoot,
most people may not be so accurate
when shooting.
But the auto-focus can help you
to get a better view.
This is also the case
with some of the graphics.
In the era of online games,
because of the interaction of
the online agreement,
there are a lot of
hacking and modification
for the online agreement.
There are some specific examples
behind me.
I can briefly talk about it here.
For example,
if we talk about the whole agreement
and talk about the harm,
we don't need a client.
I only need to write a common line
or a small application
and I can interact with the server.
In fact,
I can invent in the game.
What does this do?
In the game,
the biggest harm is
going into the studio.
If it goes into the studio,
the entire game economy
will collapse.
In addition to
the attack methods
in the game,
there are also
some traditional DDOS.
What does DDOS do?
I don't know
if you have played
Lord of the Rings
or League of Legends.
Have you?
There are still a lot of friends
who have played it.
If you lose,
what do you do?
DDOS,
this kind of game server,
you won't lose in this game.
You can keep your ranking
and never lose.
This is a real example
of this kind of security in Tencent.
So,
only you can think of it
and no outsider can do it.
He can think of
some ways to make a profit.
In the era of mobile games,
there is actually
another bigger risk problem.
In the era of PC,
in fact,
when we do security protection,
we have the whole route.
But in the era of PC,
there is no mobile game
with the whole route.
But for those who
go into the studio,
they can find the
open source mobile phone
and Android simulators.
In this way,
the whole game runs
in a simulator.
They can control how you act
and how you enter.
So, in the era of mobile games,
there may be some other risks.
OK.
Let me talk about
the situation in the game.
We can see that
some people think that
those who do security protection
are hackers.
In fact,
there is a small part of it.
Maybe they rely on their interest
to write a little bit of security.
But the real situation is that
in China, we can see
that most of the security
is not directly involved in
the outside.
They will give it to the general agent.
The general agent will
pack the security in different ways.
They may sell some of it
as internal security
to the security office.
You can't get this kind of sample
outside.
They may give it to Taobao customers.
Taobao customers may have QQ group
or Taobao group
to sell this kind of external security.
These customers are very professional
because it is a fully competitive market.
They may say that in order to build my brand,
if my external security
is detected, I may refund it.
Even if I don't refund it,
I may extend your use period.
So, it is like doing business.
There is another
part of this industry.
Some people
don't do external security.
But they crack other people's external security.
Then, they bind a new version.
They bind the code
and the mining process.
So, the whole industry is very big.
When there are so many income in the game,
everyone is looking at this piece of fat meat.
So, it is two birds with one stone.
This is a
DnF. We can see
a relatively old screenshot.
We can see a relatively old screenshot of the DnF studio.
You can see that
this is actually a multi-screen display
of the DnF running.
Many screens have been reduced
in order to run more customers.
It is really like this.
There is no difference with mining.
It is also mass production.
In China,
Tencent is leading in external security.
In 2018,
we will see some changes
in external security.
The more popular the game is,
the more external security there is.
This is a must.
Only in this way can there be buyers.
Some external security
is really not cheap.
For example, if I am an external security creator,
I may specifically
order external security for the streamer.
I only sell to a few streamers.
The price may be
several tens of thousands per month.
This is not a problem.
Streamers have traffic and fans.
If the streamer can't beat others,
he will find some capable players.
This kind of security
may be custom-made.
So the price of external security
may exceed your imagination.
Several tens of thousands is also possible.
Many of these
because the game is more powerful,
plus most of the games are free,
so the number we reduce
may be some new numbers.
Although these may be the old hands of security,
they may use some new numbers
to cheat.
There is another phenomenon in China.
About 60% of external security
is used in internet cafes.
This is also related to the industry chain.
Because some internet cafe owners
say I will attract
more people to play with me.
They may go to
find some free external security
and put it in their network.
If PUBG is so popular in internet cafes,
they will use this method
to attract players.
In 2018, FPS
is very popular.
In fact, we can see
there are a lot of FPS external security.
In terms of PUBG
we can see
that in 2018,
there are more than
2,700 external security.
In peak period,
there are 100,000 external security.
In 2018,
there are more than 60 games
in PUBG.
Basically,
we can see
there are no external security.
How popular is external security?
I don't know if you have heard
about Apex.
This is a new game.
It will be released on February 5th.
It is an EA game.
In three days,
DAU will exceed 10 million.
In these three days,
we can see
there are more than 60 external security.
As long as your game is popular,
no one will attack you.
I talked about
external security
and history.
Now I will talk about
external security.
I have some experience
in traditional security.
I also have some experience
in external security analysis
and confrontation.
I will combine these two.
In my understanding,
traditional security is divided into three parts.
it is related to
loopholes and software bugs.
Second,
it is related to
network security,
including DDoS.
Third,
it is related to
server security.
It is related to
server protection
to prevent
social entry
or login detection.
From the perspective of
gaming,
these three parts are also
in the same disaster area.
The problem is more serious.
In the traditional software field,
we may study the loopholes of Chrome
or the loopholes of PDF.
We may use these loopholes
to make a leak and escape.
In the game security field,
it may be a little different.
We use this game bug
to find some high-earning points.
There are some examples
to give you some examples.
Maybe
there is something different
in the traditional loopholes.
Most games have strong
customer logic.
The customer logic and data
cannot be fully verified
in the server.
So in the loopholes,
we pay special attention
to the logic related to
the game security.
In addition,
there is a game security
risk, which is the
loopholes.
In fact,
there are still single-player
and host games on the market.
In fact,
the game security solution
also provides a lot of
anti-loopholes.
However,
it is difficult for
game developers
to solve this problem.
Therefore,
it is better to
find some ways
to solve this problem.
In terms of the network,
I just talked about
the example of
DDoS.
In fact,
there are some more complex
solutions for the agreement.
For example,
DDoS will be used
more often
in this kind of
In terms of the server,
it will be better.
In fact,
the security protection
of the server
is relatively mature.
However,
for the game,
it still needs to pay attention.
Because once the server
is taken by others,
it will be transferred to
other games.
OK.
Now I will give you some
specific examples.
What is the software bug?
Have you played this game?
Dabolo.
Dabolo is actually
a classic of Snowball.
What are the loopholes?
This is also the pit
that programmers bought.
The complexity of the game
is actually far beyond
the real world.
This is an example of
the real world.
When Dabolo was released,
some players tried it out.
At the same time,
I could copy the gold coins
and the items.
How did they do it?
We use two PSP handles
to connect the server.
The size is the same.
In Snowball,
this is a very normal thing.
But one player
left his equipment on the ground
and didn't save it.
The PSP A directly left.
Because the PSP B is the same number,
but it is a small number.
He didn't see it.
He found that the item was still there.
So the whole game
didn't stop.
When the PSP Dabolo left,
the equipment was still there.
So the equipment quickly
changed from 1 to 2 to 2 to 4.
This is actually
the same problem
in the previous game.
You may think this is a low-level problem.
There are too many bugs like this.
For D&F,
you can copy the email.
If you send an email,
the item may not be
removed from the body.
So this kind of bug
can theoretically be solved.
But in reality,
there is such a bug.
And it is very harmful
to the game economy.
It will soon collapse.
OK.
The second problem in the software loop
is what I mentioned earlier.
The logic of the client and the logic of the server.
In fact, in the case of game implementation,
it can't be 100% synchronized.
Especially some games
that focus on
game experience
and some economic games.
In the case of implementation requirements,
it must put some logic
on the client's end.
The typical case is that
people may think of
modifying the character attributes
and various attacks.
In fact, people who work in the field
have very broad ideas.
They will not only modify themselves,
but also the monsters.
If you check the character attributes,
it is normal.
Then it will modify all the monsters.
Then your pets,
all kinds of things.
In short, it can modify the attributes
that you can't think of.
What are some common tools used?
It's like this screenshot.
C1, Cheat Engine.
It can search value better.
Of course, this is still a relatively
advanced attack method.
Most servers, if they do some tests,
they may be punished
by the game protection
if they modify the attributes simply.
So, in the case of not modifying
the logic of the game
and not hooking, how to do it?
In fact, it can control the function of the game.
For example, I talked about
the implementation of a self-dial.
The self-dial can actually
call the third D
to modify the character orientation.
To call the function
to adjust the character orientation.
In this case,
it doesn't need to call any code.
Then it directly locks the opponent's head.
Then this function is realized.
Including the logic of my client,
it may be collision detection,
especially the function of hooking,
bullet hooking, character hooking.
These are all realized by the client.
As long as you interfere with
this part of the logic,
or modify it,
there may be a problem.
If the real game,
in fact,
in the case of Heroes League,
there are relatively few outsourcing.
Is it that you can't make any outsourcing?
In fact, it is not.
In fact, there are many resources in the game.
This resource can also be used.
Generally speaking, our idea
may be that resource use is
similar to local games
or the mobile game of League of Legends.
It may have an effect.
It may be a self-hyping effect.
But in the era of online games,
the effect of self-hyping
may be beyond your imagination.
This is a model of a magnified character
of Heroes League.
It modifies the local effect.
What is the benefit?
Normally, if there are five villains
running in the game,
you have to observe the perspective.
If you don't have a full-scale perspective,
you may be a little confused.
But if you have such a
huge character model,
in fact, your whole perspective,
your magnifying glass will come out.
So you may have a level.
In fact,
like this,
it can also modify
this kind of color
resource file.
This is a transparent plus color.
It is not a screenshot of local resource effect.
This is a picture
of local resource effect.
This is a picture
OK.
The previous discussion
is about the logic of game client.
And things related to loopholes.
Is the game more mature
in terms of protocol?
Because the protocol has developed a lot.
It's like old protocol research,
SH and SSH.
They have been studied for many years.
There are many types of encryption and matchmaking.
Is there any problem with the protocol?
Obviously not.
Let's talk about our latest
The outsider is really smart.
He knows that this is done by the Unreal Engine.
The Unreal Engine is actually open source.
He went to study the code of the Unreal Engine
After completely analyzing and understanding the network protocol
He made an outsider without any traces on the PC.
How did he do it?
He made an agent.
This agent server directly displays the location of all the characters in this phone through protocol analysis.
So we can see this effect from a streamer.
So the streamer can actually predict
Where the person is.
If you want to detect him, he doesn't have any traces.
He doesn't have any traces on the PC.
He just has an agent on the network.
It's normal, right?
But after this outsider is made,
It's actually a very difficult function to fight and protect.
So the protocol is not like we thought.
Maybe everyone thinks that this technology is more mature now.
Everything is OK.
OK
But the most important threat of the protocol now is still
On some mobile games and some mobile phone games on the Internet.
OK
I talked about this before.
The problem of this kind of bomb shelter in Luoluo.
In fact, it's more mature now.
Like this screenshot.
It's actually a DDoS platform.
You can directly write on it.
The IP you want to attack.
It's actually more automatic.
In fact, Tencent now.
In fact, you have to go to DDoS.
Luoluo's server is useless.
Because we did the protection.
And we have this kind of DDoS detection based on the protocol level.
Sometimes it's actually related to software design.
DDoS has some scenes that we can't imagine.
For example, it may modify part of the protocol.
Combined with DDoS, you refuse to serve.
Including security servers will be attacked.
Like the example we met.
In the flying car.
Inside.
It will cause our security server to have problems.
And then escape some of our tests.
OK
OK
In addition, the problem of the protocol.
In fact, there are some.
There is also one in this black eye.
That is, it is mutual.
Some small and medium-sized manufacturers.
Small and medium-sized game manufacturers.
It may attack each other.
May buy some traffic.
Finally, talk about a security technology.
This is a relatively direct technology compared to the game.
Because there is no such thing in other security areas.
What is it?
It's a simulation.
In addition to the simulation.
We just talked about this.
Locking the character's head.
This kind of function.
In fact, most of the simulation is used in the studio.
This screenshot is a.
A screenshot of a script in the studio.
It will automatically select the copy.
Automatically complete the push tower.
This kind of function.
But you may not have encountered it.
This kind of.
You may think that.
The simulation key is definitely on Windows.
It is relatively easy to protect.
Then I have drive.
I'll get it done.
In fact.
The situation is really not like this.
What is the studio using?
The studio.
It may be using the solution of the hardware.
The solution of the hardware.
It may record its own script.
Then plug it in via USB.
And broadcast it to you again.
So this is a.
The solution of the hardware.
Can you put a video for me?
There is a video here.
Yes.
Now you can.
He doesn't even need this.
He made a single-screen machine.
And then you can go like this.
Play the game directly like this.
This is a studio on DMF.
OK.
The video is relatively short.
19 seconds.
OK.
I talked about some of the methods of external attack.
How to defend.
This game security.
Give the game a better one.
A treasure.
In fact.
Game protection.
And traditional virus protection.
May be the biggest.
Different place.
Or maybe.
I'll talk about the traditional.
Traditional.
In fact.
You have a virus.
Or there is a mining program.
It must be the program.
This.
This.
Ordinary.
This.
People don't want it.
No.
There is a virus.
Must be killed.
If there is a mining program.
Must be killed.
Influence server operation.
But the game is different.
The game.
I call it.
It is a balance art.
There are three types of people in the game.
The first type is.
This game player.
The second is.
Play in the studio.
The third is.
Game developer and operation.
That.
Game player.
If he meets.
Use external attack.
He must be angry.
I'm going to report.
I'm going to.
Take this external attack.
Report it.
If the game is very complicated.
Very difficult.
He may need some external attacks.
To assist him.
We see.
In fact.
In the magic.
In fact.
There are some external attacks.
He may eventually.
Become a.
Instead.
Become.
A function of a game developer.
Will go.
Provide some to the player.
Support some functions.
So.
Players.
Here.
The attitude.
For external attacks.
Is ambiguous.
If you really want to use external attacks.
Players often.
Also do one.
Very.
It is.
Very.
Difficult to explain.
It is.
External attacks.
Say.
You don't believe.
How many software.
This.
I didn't read.
You turn off.
How many software.
This.
So.
This.
Many.
Players.
He may be.
In the case of external attacks.
He is cooperating.
This.
External attacks.
That.
Play in the studio.
Here.
Is like.
Just.
As much as possible.
A high-speed.
But.
Play in the studio.
In fact.
More than one.
Too many.
Go to.
The same.
On the game.
This.
Play in the studio.
So.
Play in the studio.
They.
Directly.
More than efficiency.
More than production.
Production efficiency.
Finally.
This.
Game developers.
And operation.
That.
He may.
From his point of view.
There are many.
External attacks.
That.
Certainly not.
This game is too bad.
Right.
But.
If.
This.
Player.
Complains.
Very powerful.
You.
This game is too hard to play.
It's all repetitive labor.
That.
He may also want.
There are some external.
Can help the player.
To reduce some burden.
At the same time.
For.
Play in the studio.
It's the same.
If.
You put.
Play in the studio.
All.
Eliminated.
That.
Player.
No place.
To.
Buy gold coins.
That.
Will.
You.
Business.
Your own.
Game developers.
Provide.
This.
Gold coins.
This.
Too.
Expensive.
That.
He may also want.
To find.
A middleman.
Or.
Find.
A situation.
But.
If.
You.
Buy.
All.
Workstables.
That.
For.
Players.
Influence.
Players.
Experience.
Game.
When.
From.
Game.
Developers.
That.
Angle.
That.
He.
Is.
Stubborn.
To.
In.
Players.
Play.
In.
Workstables.
And.
Game.
Developers.
Need.
A.
Balance.
So.
We.
Are.
You.
Still.
OK.
Auntie.
Is.
A.
Third.
A.
I.
You.
Know.
You.
Know.
You.
Know.
You.
Know.
You.
Know.
Your.
Know.
We will also consider the requirements of game operation in terms of penalties.
If the project team or game developer is very tough, we may give them a machine.
If they think this cheating is good, we may kick them down the line.
As for some core gameplay, as we mentioned earlier,
there are many new players, and they cheat very easily.
We may not allow new players to play some core modes.
This is a non-technical test.
How do we protect the technical test?
I divide the technical test into two main aspects.
The first is the general test, and the second is the test based on the behavior.
What is the general test?
The general test means that the logic of the game is closely tied to you.
I mainly use the logic of the game.
I use the logic of the game to make samples or basic protection.
The behavior test is very simple.
In fact, everyone can understand it.
Normally, we may need 20 or 30 minutes to play a copy.
But you pass in two minutes.
This is a super-earning.
In most cases, there is a problem.
So behavior testing may be based on its earning point.
I will talk about these two aspects in detail.
First of all, the general test includes some basic protection.
The basic protection is actually done in our traditional security field.
We include this kind of anti-fragmentation shell.
It will add a relatively strong mixed small VMB shell.
We will carry out a complete protection test for the program.
The code of the test is this kind of code.
We will have some drive protection in Tencent.
Based on Tencent, we will have protection based on VT.
Other manufacturers do not have protection based on VT.
OK.
The general test and the sample test.
The sample test is actually a bit like the kill software.
But it may be more difficult to do than the kill software.
Because this is a strong operation.
It does not mean that all the foreign goods will be killed in one go.
The difficulty is that many samples are actually very difficult to get.
For example, you may not be able to get these streamers.
Or some players do not cooperate with the streamers.
They do not admit that they have used the streamers.
You may not be able to get such a sample.
We want to buy samples.
When people see that you come from Shenzhen, they will not sell them to you.
They will not be able to open in Shenzhen.
There are actually many ideas for these streamers.
Even if you get the sample.
These samples are not the same as the traditional viruses.
For example, it has some strong shells.
You may not be able to get these strong shells.
You may not be able to say that as long as there is a VMP operation program,
I will not let the game be played.
The game developers are not willing to do this.
If you add strong shells, you may not be able to do a better analysis.
The last point is the same as the traditional kill software.
If there is an error, it may cause sudden risk to the foreign goods.
And they don't care about this kind of foreign goods.
It's hard or they don't think about it.
As a game, it still has to be responsible for the players.
They still can't take any risk in the sample operation.
There are two types of data based on the test of behavior.
The first type of data is the data of the character itself.
Including the passage time.
Including when he plays the game.
Some character attributes and related things.
Based on game data, it can actually solve a lot of problems.
Most of the problems can be solved.
What is the difficulty?
The difficulty is that there are some foreign goods that are not that abnormal.
They don't exceed the gain.
For example, if I run a car,
I will do a 1.1x acceleration.
In 1.1x acceleration, it's hard to show the difference between a pro and an ordinary person.
So the gain of behavior has its own risk of misjudgment.
Another type of data is from our client-side plan.
The client-side plan will collect some changes in your game.
Do you have any suspicious processes?
And things like that.
Including, we will combine some of its historical records.
To do some analysis on behavior.
In the end, I will talk about two minor technical points outside the topic.
The current AI is relatively hot.
In the previous video, we talked a lot about the Walu studio.
This is one of the methods of Tencent.
It's not all of them.
How do we do it?
We will find that the path of the studio in the Walu
is different from the path of a normal person.
The red flower-shaped thing you see
is actually the traces of the studio they walked in
in every match in the Walu.
In the case of ordinary players,
it's a trace of the background in black.
Why?
Because the current Walu studio
is relatively simple.
Basically, it's based on some stone colors and principles.
What does this flower symbolize?
Because in the Walu,
there is a copy mode that is rarely used.
It's called the Tornado Forest.
Most studios
will read their own accounts in this mode.
So you may not be able to feel it.
They will read this account,
and sell it on Taobao after 30 episodes.
An account in the Walu
can be sold for 30 yuan on Taobao.
Some people don't want to read it themselves.
They go to find some accounts in Taobao.
Then they buy it.
Then they put it aside.
This way,
the project team can see the truth.
From the point of view of our pure technology,
actually,
if we know that this is the case,
it's relatively easy to solve it.
Then we can use the more popular
framework of deep learning.
We can make a CNN model
to identify in the same group
which people are in the studio,
which are in the suspicious studio,
and which are ordinary players.
At the same time,
we also made a series model based on SSTM
to compare the effect.
We found that the effect of CNN
is still better.
Of course,
most of this is related to your data source.
So,
there are actually a lot of ideas about anti-gay.
Finally,
I would like to talk about
something based on deep learning
to identify this kind of person.
We used the YOLO model.
We will mark this model with artificial lines
and then learn it.
After learning,
when a player is reported,
we will go to see
if it can match
on the picture,
on the screenshot.
It happens to be cheating
and uses a transparent hangout.
OK.
OK.
That's all for my sharing today.
I hope it can bring you
some initial knowledge
on game security.
Thanks again,
everyone.
Bye.
Bye.
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